Kako uspešno vpeljati IPv6 v Windows okolje in preživeti

Slides:



Advertisements
Similar presentations
10: ICMPv6 Neighbor Discovery
Advertisements

Introduction to IPv6 Presented by: Minal Mishra. Agenda IP Network Addressing IP Network Addressing Classful IP addressing Classful IP addressing Techniques.
ZyXEL Confidential Address Autoconfiguration Feng Zou SW2 ZyXEL Communications Corp. 04/11/2006.
Future Directions For IP Architectures Ipv6 Cs686 Sadik Gokhan Caglar.
IPv6 The New Internet Protocol Integrated Network Services Almerindo Graziano.
CPSC Network Layer4-1 IP addresses: how to get one? Q: How does a host get IP address? r hard-coded by system admin in a file m Windows: control-panel->network->configuration-
Transitioning to IPv6 April 15,2005 Presented By: Richard Moore PBS Enterprise Technology.
Auto Configuration and Mobility Options in IPv6 By: Hitu Malhotra and Sue Scheckermann.
IPv6 Overview Brent Frye EECS710. Overview Google Drive Microsoft Cloud Drive Dropbox Paid-for alternatives 2.
EE 545 – BOGAZICI UNIVERSITY. Agenda Introduction to IP What happened IPv5 Disadvantages of IPv4 IPv6 Overview Benefits of IPv6 over IPv4 Questions -
IPv6 Internet Protocol Version Information management 2 Groep T Leuven – Information department 2/24 Internet Protocol Version 6 (IPv6)
Computer Networks20-1 Chapter 20. Network Layer: Internet Protocol 20.1 Internetworking 20.2 IPv IPv6.
1 IPv6. 2 Problem: 32-bit address space will be completely allocated by Solution: Design a new IP with a larger address space, called the IP version.
IPv6 Victor T. Norman.
© 2006 Cisco Systems, Inc. All rights reserved.IP6FD v2.0—2-1 IPv6 Operations Defining and Configuring Neighbor Discovery.
Implementing IPv6 Module B 8: Implementing IPv6
Limited address space The most visible and urgent problem with using IPv4 on the modern Internet is the rapid depletion of public addresses. Due to the.
Network Layer IPv6 Slides were original prepared by Dr. Tatsuya Suda.
IP Version 6 Next generation IP Prof. P Venkataram ECE Dept. IISc.
IPv6 Network Security.
Understanding IPv6 Slide: 1 Lesson 1 Introduction to IPv6.
2: Comparing IPv4 and IPv6 Rick Graziani Cabrillo College
1 IPv6 Address Management Rajiv Kumar. 2 Lecture Overview Introduction to IP Address Management Rationale for IPv6 IPv6 Addressing IPv6 Policies & Procedures.
Microsoft Windows Server 2003 TCP/IP Protocols and Services Technical Reference Slide: 1 Lesson 10 Internet Protocol Version 6 (IPv6)
بسم الله الرحمن الرحیم. Why ip V6 ip V4 Addressing Ip v4 :: 32-bits :: :: written in dotted decimal :: :: ::
IPv6 – part I. FUNDAMENTALS AND PROTOCOLS / ICND 1.
Introduction to IPv6 NSS Wing,BSNL Mobile Services, Ernakulam 1.
Summary of Certification Process (part 1). IPv6 Client IPv6 packets inside IPv4 packets.
Module 3: Designing IP Addressing. Module Overview Designing an IPv4 Addressing Scheme Designing DHCP Implementation Designing DHCP Configuration Options.
CIT 384: Network AdministrationSlide #1 CIT 384: Network Administration IPv6.
Fall 2005Computer Networks20-1 Chapter 20. Network Layer Protocols: ARP, IPv4, ICMPv4, IPv6, and ICMPv ARP 20.2 IP 20.3 ICMP 20.4 IPv6.
SYSTEM ADMINISTRATION Chapter 8 Internet Protocol (IP) Addressing.
IPv6. Content  History  IPv4 Downfall  IPv6 Features  IPv6 Addresses  Changes from IPv4  IPv6 Headers/Frames/Packets  Autoconfiguration  Commands.
Universal, Ubiquitous, Unfettered Internet © ui.com Pte Ltd Mobile Internet Protocol under IPv6 Amlan Saha 3UI.COM Global IPv6 Summit,
IPv4 to IPv6 Group A2 - Roland Hollis - EJ Chambers - Rachit Gupta.
IPv6 Introduction Joe zhao SW2 Great China R&D Center ZyXEL Communications, Inc.
IPv6 Internet Protocol Version Information management 2 Groep T Leuven – Information department 2/24 Internet Protocol Version 6 (IPv6)
Module 6: IPv6 Fundamentals. Introduction to IPv6 Unicast IPv6 Addresses Configuring IPv6.
ICMPv6 Error Message Types Informational Message Types.
Attacking on IPv6 W.lilakiatsakun Ref: ipv6-attack-defense-33904http://
Bjorn Landfeldt, The University of Sydney 1 NETS 3303 IPv6 and migration methods.
Neighbor Discovery. IPv6 Terminology Additional subnets Router Host Neighbors Host Intra-subnet router Switch LAN segment Link Subnet Network.
1 Objectives Identify the basic components of a network Describe the features of Internet Protocol version 4 (IPv4) and Internet Protocol version 6 (IPv6)
IPv6 (Internet Protocol V. 6)
IPv6 Security Issues Georgios Koutepas, NTUA IPv6 Technology and Advanced Services Oct.19, 2004.
1 Internet Protocol, Version 6 (IPv6) Special Topics in Computer Sciences Second Term 1433/1434 H Dr. Loai Bani Melhim.
IP - Internet Protocol No. 1  Seattle Pacific University IP: The Internet Protocol Kevin Bolding Electrical Engineering Seattle Pacific University.
Lecture 13 IP V4 & IP V6. Figure Protocols at network layer.
Understand IPv6 Part 2 LESSON 3.3_B Networking Fundamentals.
Dr. Authentication Or, How I Learned To Stop Worrying And Love The Azure MFA
Host Configuration: BOOTP and DHCP
Windows App Studio- Windows apps for 45 minutes
Azure RMS + Office365 = Eternal Security of the Worriless Mind
Instructor Materials Chapter 8: DHCP
IPv6/Hexadecimal Objectives:
RFC 3775 IPv6 Mobility Support
IPv6 Overview Address space Address types IPv6 and Tunneling.
IPv6 101 pre-GDB - IPv6 workshop 7th of June 2016 edoardo
SQL Server Baselining, Benchmarking and Workload Analysis
Hibridni oblak: Osnove infrastrukture kot storitve (IaaS)
CIS 116 IPv6 Fundamentals 2 – Primer Rick Graziani Cabrillo College
Next Generation: Internet Protocol, Version 6 (IPv6) RFC 2460
27th September 2016 IPv6 27th September 2016
Ch.8 Dynamic IPv6 Address Allocation
IPv6 : Next generation IP
Unit 3 Mobile IP Network Layer
Internet Protocol, Version 6 (IPv6)
Get Ready for the New Internet: IPv.6
DHCP: Dynamic Host Configuration Protocol
Review of Internet Protocols Network Layer
Presentation transcript:

Kako uspešno vpeljati IPv6 v Windows okolje in preživeti Luka Manojlovic

IPv4 – 4 octetcs == 4*8 = 32 bit address IPv4 vs IPv6 IPv4 – 4 octetcs == 4*8 = 32 bit address 10.22.33.1 – private address 193.77.157.35 - public address Around 4 billion addresses but... Where is China?!  IPv6 – 16 octects == 16x8 = 128 bit address: Two octetcs are devided by : so we have 8 units : 2001:0:5ef5:79fd:38c0:c950:3eb2:62dc = 2001:0000:5ef5:79fd:38c0:c950:3eb2:62dc 2001:0:5ef5:79fd:38::62dc = 2001:0:5ef5:79fd:38:0000:0000:62dc 2001:0:5ef5:79fd:38::62dc = 2001:0:5ef5:79fd:0038::62dc ::1 = 127.0.0.1 fe80::MACtoHEX link local addresses

Subnetting? /32? /48? /64? /64 for everyone! ISPs delegate prefixes to end costumers

No broadcast Link local only multicast ICMPv6 is a MUST for IPv6 to work

Features IPv6 Autoconfiguration IPSec Mobility – active sessions And the most important thing! Huge address space!

IPv6 header VS IPv4 header No header lenght – fixed 40 byte No identification field – Even in IPv4 useless No checksum – It‘s made on higher layers No fragmentation field No options IPv6 header VS IPv4 header No header lenght – fixed 40 byte No identification field – Even in IPv4 useless No checksum – It‘s made on higher layers No fragmentation field No options

Every option is called „Extension header“ Fragmentation // ICMPv6 type 2 – packet too big Source routing IPsec Destination options

Standardised but still sometimes we find strange implementations by various vendors... Attacks on IPv6 Developed over 15 years ago – with security perspective of that time ARP spoofing in IPv4 world == Neighbour discovery spoofing ARP request == neighbour solicitation ARP response = neighnour advertisment Duplicate address mechanisms and DOS Neighbour solicitation? Yes, IP is in use –> Loop = DOS Hostile router advertisments

Man in the middle attacks Router advertisment flood We send our router advertisment + spoofed router advertisment with liftime = 0 Router advertisment flood Windows XXX DOS – cpu 100% - firewall does not help  All routers -> lifetime =0 everything become „link – local“

Man in the middle attacks Router advertisment flood We send our router advertisment + spoofed router advertisment with liftime = 0 Router advertisment flood Windows XXX DOS – cpu 100% - firewall does not help  All routers -> lifetime =0 everything become „link – local“

Stateful autoconfiguration and flags M and O Router sends router advertisment – from this we get gateway In case both flags in router advertisment are set to 0: We have the same scenario as Stateless autoconfiguration – so we get globaly routed IPv6 address but we do not request and aditional info from DHCPv6 server In case that both flags in router advertisment are set to 1 M flag means – from DHCPv6 get stateful IPv6 (public address) O flag means – from DHCPv6 get other options (DNS, NTP...) M = 0 / O = 1 means – from DHCPv6 get other options (DNS) IP will be calculated by client... M = 1 / O = 0 means – from DHCPv6 get IP address but no other configuration – probably useless combination of flags...

Examples Exchange / mail server trick: Set-NetIPInterface –InterfaceIndex <number> -Dhcp Disabled – on all servers that have static IP address Exchange / mail server trick: mail.domain.com (A an AAAA record – so IPv4 & IPv6) mail-v4.domain.com (A record only – IPv4 only)

http://test-ipv6.com/ https://ipv6.he.net/certification/

Izpolnite anketo! Vam je bilo predavanje všeč? Ste se naučili kaj novega? Vaše mnenje nam veliko pomeni! Da bo NT konferenca prihodnje leto še boljša, vas prosimo, da izpolnite anketo o zadovoljstvu, ki jo najdete v svojem NTK spletnem profilu.

5/14/2018 2:55 PM © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.